New Year, New Cyber Risk
As we head into February, security challenges are mounting for organizations worldwide.
We are watching the Ukraine situation closely, as previous Russian cyberattacks such as NotPetya, aimed at adversaries, have had massive global consequences. We could easily see similar collateral damage as tensions escalate in the region.
Ukrainian intelligence agencies have confirmed that at least 80 Ukrainian government agencies and an unspecified number of businesses were targeted in January with a new type of wiper malware known as WhisperGate. According to reports, these attacks were specifically aimed at critical infrastructure. Recent analysis conducted by Microsoft (which discovered the malware) found that WhisperGate has "strategic similarities" to the NotPetya attacks of 2017.
Collateral damage is just one aspect of the risk associated with the Ukrainian situation. The Department of Homeland Security (DHS) has also issued a warning that a U.S. response could result in a targeted cyberattack launched against the U.S. by the Russian government or its proxies. This type of escalation could easily impact the global economy.
We are also seeing reports that the WhisperGate attacks leveraged Log4j vulnerabilities to gain access to some systems. Since Log4j is so widely deployed, we believe that organizations will struggle with attacks resulting from Log4j exploitation in 2022 and beyond.
Given the current climate, organizations should double down on hardening their security practices as soon as possible. Continuous monitoring and measurement of your organization’s security performance – as well as that of critical third parties, business partners, and vendors – is essential to mitigate business risk in an ever-changing threat landscape.
Understanding your entire attack surface is key. As security and risk professionals take steps to improve cybersecurity posture, email, network, and web security often take center stage. However, as internet use continues moving toward a mobile-centric experience, it has become essential to consider mobile applications when crafting a security strategy.
In other words, risk may be lurking in places you haven’t historically considered. BitSight’s new Mobile Application Risk Report illustrates this quite well.